Ransomware is no longer an IT problem; it is an existential threat to organizations worldwide. What were once occasional attacks are now structural, large-scale risks that can literally cripple organizations. As the digital world becomes increasingly complex, cybersecurity appears to be partly on a mud floor at many companies and organizations - and the worst is yet to come.
Actually, 2017 is the year that Wannacry ushered in the digital hostage era with an infection in 150 countries worldwide. That has since claimed thousands of victims, many of whom still did not even survive the loss of their digital data. Some recent examples include:
Einhaus Group (Germany, 2023), despite payment of €200,000 ransom, the attack led to prolonged downtime, loss of customer data and the end of the company.
Fasana (Germany, 2024), daily loss of orders: €250.000. The napkin company with 240 employees went insolvent.
Petersen Health Care (USA, 2024), the attack led to data loss and payment problems, eventually causing bankruptcy.
Stoli Group (U.S., 2024), bankruptcy after ransomware attack and political complications.
KNP Logistics (UK), the 158-year-old logistics company went bankrupt by one weak password, nearly 700 jobs were lost.
These cases show that ransomware is not an "IT problem," but a strategic risk that can threaten a company's viability. It is no longer a question of "if" you become a victim, but "when" and especially "to what extent." And have you organized a temporary fallback?
Not every affected company goes out of business, fortunately, but the financial impact and especially the brand damage can be enormous:
Merck (2017, NotPetya) - >$1 billion direct damage, interesting insurance case.
Maersk (2017, NotPetya) - direct cost $250-300 million, mainly start-up costs.
Kaseya (2021) - initial ransom demand $70 million; hundreds of companies affected.
Colonial Pipeline (2021) - ransom $4.4 million; broader impact and brand damage much larger.
CNA Financial (2021) - ransom ~$40 million; additional repair costs large.
JBS Foods (2021) - ransom ~$11 million; production disruptions and market impact.
Change Healthcare (2023/2024) - ransom ~$22 million; operational and reputational damage.
The City of Baltimore (2019) - direct cost >$19 million, nice report is here.
Jaguar Land Rover (2025) - production outages at plants, millions in potential revenue lost, end not yet in sight.
These cases make it clear that ransomware can cause enormous damage, even to large, healthy companies who you might expect to have professionally secured their IT environments.
What is often underestimated is that organizations often do not know afterwards exactly how an attack occurred because logging and monitor data is also (often first) encrypted or destroyed. Recovery measures can therefore often not be targeted: the unknown "hole" or hidden weakness is not definitively fixed. The black box is missing.
Moreover, it does not help others in the market if these potential weaknesses cannot be shared as a result. While the aviation industry learns systematically from its many mishaps - black boxes in every aircraft are mandatory to obtain airworthiness - cybersecurity remains something of a prize hunt for attackers, with knowledge sharing omitted.
In addition, every successful attack leaves behind an environment that remains vulnerable not only to the affected company, but also to all supply chain partners and suppliers.
In the suddenly turbulent times of war, our digital defenses appear to be built on a clay floor. Cloud services have amplified this risk: with so many chains of outsourced digital services, the weakest link is attacked and soon the entire chain is at a standstill.
The recent example at Heathrow and other airports shows this: it's not about big American cloud providers, but countless other European players in long chains of digital services. At Collins Aerospace, an English company, check-in and baggage systems were disrupted, directly affecting thousands of travelers.
Even simple offline fallback capabilities are often forgotten, when sometimes they could be simple and also manual.
During one of my trips in the central U.S., I experienced that during such a power outage, a retailer - knowing the vulnerability of overhead power lines - simply put on an old-fashioned mechanical cash register and rollers for credit card balance slips. And the manual doors opened alongside the automatic doors. Power outages there do not result in serious revenue loss because there is an offline fallback.
With us, that physical offline fallback has all but disappeared. With a bank card or credit card on your phone, you really can't sign a balance slip anymore. Once systems go down, the chain comes to a complete halt. The vulnerability increases, while the fallback capabilities get smaller and smaller.
The numbers don't lie: in the first half of 2025, the number of ransomware attacks increased 124% compared to the same period in 2024. What used to seem like an occasional problem is evolving into a structural threat to businesses worldwide.
At the same time, we are seeing the rise of Ransomware-as-a-Service (RaaS). This model allows even technically less experienced criminals to "rent" ransomware and execute attacks while the original developers collect a portion of the ransom. This makes the threat bigger, faster and harder to combat.
So the digital war has only just begun. While traditional defense systems are often on a clay floor, chains of cloud and outsourcing services are growing and fallback capabilities are diminishing, each incident is becoming more destructive. For businesses, downtime due to an attack is no longer a temporary inconvenience, but an existential threat.
